CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Trend Micro
Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know
Main Takeaways: CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see ...
-
BleepingComputer
Hackers are exploiting ArrayOS AG VPN flaw to plant webshells
Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. Array Networks fixed the vulnerability in a May security ...
-
The Cyber Express
Sanctioned Spyware Vendor Used iOS Zero-Day Exploit Chain Against Egyptian Targets
Google Threat Intelligence Group discovered a full iOS zero-day exploit chain deployed in the wild against targets in Egypt, revealing how sanctioned commercial surveillance vendor Intellexa continues ...
-
Kaspersky
CVE-2025-55182 vulnerability in React and Next.js | Kaspersky official blog
On December 3, it became known about the coordinated elimination of the critical vulnerability CVE-2025-55182 (CVSSv3 — 10), which was found in React server components (RSC), as well as in a number of ...
-
CybersecurityNews
CISA Warns of OpenPLC ScadaBR File Upload Vulnerability Exploited in Attacks
Critical vulnerability has been added to CISA’s Known Exploited Vulnerabilities list, warning organizations about a dangerous file-upload flaw in OpenPLC ScadaBR systems. The vulnerability allows remo ...
-
BleepingComputer
Critical React, Next.js flaw lets hackers execute code on servers
A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications. Th ...
-
The Register
Microsoft quietly shuts down Windows shortcut flaw after years of espionage abuse
Microsoft has quietly closed off a critical Windows shortcut file bug long abused by espionage and cybercrime networks. The flaw, tracked as CVE-2025-9491, allows malicious .lnk shortcut files to hide ...
-
hackread.com
WebXR Flaw Hits 4 Billion Chromium Users, Update Your Browser Now
A serious security vulnerability in the underlying technology for most of the world’s web was recently discovered in the underlying code for most of the world’s web browsers, putting over 4 billion de ...
-
CybersecurityNews
PickleScan 0-Day Vulnerabilities Enable Arbitrary Code Execution via Malicious PyTorch Models
Multiple critical zero‑day vulnerabilities in PickleScan, a popular open‑source tool used to scan machine learning models for malicious code. PickleScan is widely used in the AI world, including by Hu ...
-
CybersecurityNews
iOS Zero-Day Exploit Chain Leveraged by Mercenary Spyware for Device Surveillance
A new iOS zero-day exploit chain has been linked to mercenary spyware used for silent device surveillance against high‑risk users. The operation, attributed to the commercial surveillance vendor Intel ...